This content originally appeared on Twilio Blog and was authored by Security
Twilio believes that the security of our products and our customers’ data is of paramount importance and when an incident occurs that might threaten that security, we tell you about it. To that end, we wanted to provide an overview of our response to the recently discovered zero-day vulnerability in the Java logging library Log4j.
What happened?
On December 9, 2021, Apache publicly disclosed a remote code execution (RCE) vulnerability (CVE-2021-44228) in its popular Java logging library, Log4j. Upon identification of the security advisory, Twilio began its security incident response process to evaluate the potential impact to Twilio and promptly begin steps to remediate any exposure.
What have we done?
Our subsequent investigation evaluated and identified usage of the affected Log4j versions in the Twilio environment. Twilio is currently working to remediate, through patching, those affected Log4j versions as quickly as possible.
While that process is ongoing, our security team has set up detective and preventive controls to protect against exploitation of our environment. As of the time of posting, we have not discovered any instances of exploitation of this vulnerability within our environment. If Twilio becomes aware of unauthorized access to our environment, we will notify impacted customers without unnecessary delay.
Next Steps
The Twilio Security Incident Response Team will post any updates here if there are any changes. If you have further questions, please reach out to your customer support partner or our Support team.
This content originally appeared on Twilio Blog and was authored by Security
Security | Sciencx (2021-12-14T18:54:08+00:00) Twilio’s Response to the Log4J Vulnerability. Retrieved from https://www.scien.cx/2021/12/14/twilios-response-to-the-log4j-vulnerability/
Please log in to upload a file.
There are no updates yet.
Click the Upload button above to add an update.